Groups and Rules Definition
It is possible to define using PHP code, rules for the management of permissions, from the simplest to the most articulated.
Once positioned in the Rules configuration form, expand the scripting area by clicking on the </> icon G Expression field.
Inside that you can define a rule using PHP code.
EXAMPLE – DEFINE A SET OF CUSTOM RULES FOR A GROUP
In this example you want a group of users to be able:
- Create Service Operations;
- Delete only the Service Operations assigned to your user (Assigned To);
- Modify Service Operations sent by a specific user group;
- View details only of the Service Operations assigned to your Assigned Group;
- Display in the grids only the Service Operations assigned to your user groups (Assigned Group).
To accomplish this requirements, you need to define 5 distinct rules.
RULE 1: MANAGE CREATION
To allow users to “CreateService Operations” it is necessary to define a rule having Create Type, DeepService-Operations Model and than insert the following PHP code:
return true;
RULE 2: MANAGE CANCELLATION
To allow users to “Delete only the Service Operations assigned to their user” it is necessary to define a rule on the DeepService-Operations Model withType Delete where verify the current user is also the assigned user of the operation.
To do this, insert the following code:
//retrieve the assigned user username
$assignedUsername = $model->getAssignedUsername();
//retrieve the current user
$currentUser = Deep::helper('deep_admin')->getCurrentUser();
//ticket has an assigned user and assigned user is the current user then allow delete action
if ($assignedUsername && $assignedUsername == $currentUser->getUsername())
return true;
return false;
RULE 3: MANAGE EDITING
To allow users in the group to “Modify Service Operations sent by a specific user group” it is necessary to define a rule on the DeepService-Operations with Update Type to verify that the Requester of an operation is a member of a specific group.
To do this, insert the following code:
//retrieve the requeter user obkject instance
$requester = $model->getRequesterUser();
//if requester user is member of customers group then allow the update action
if ($requester && $requester->isInGroup('Customers'))
return true;
return false;
RULE 4: MANAGE THE DISPLAY
To allow users to “View details only of the Service Operations assigned to their own user groupsyou need to define a rule on the DeepService-Operations Model of Type Read to verify that the current user belongs to the assigned group.
To do this, insert the following code:
//retrieve the assigned group id
$assignedGroup = $model->getAssignedGroupId();
//retrieve the current user
$currentUser = Deep::helper('deep_admin')->getCurrentUser();
// if the current user is a member of the assigned group then allow to view operation details
if ($assignedGroup && $currentUser->isInGroup((int)$assignedGroup))
return true;
return false;
RULE 5: MANAGE THE DISPLAY IN GRIDS
In order to allow the users to “Display in the grids only the Service Operations assigned to the groups of which the members are member of” you need to define a rule on the DeepService-Operations Model of Grid Type to verify that the current user belongs to the assigned group.
In this case, acting on the grid, add a filter to the query that retrieve records from the database.
//retrieve the assigned user
$currentUser = Deep::helper('deep_admin')->getCurrentUser();
//add a filter to the DB query on assigned group
// assigned group must be in the array returned by $currentUser->getGroupIds()
$collection->addFieldToFilter(
'assigned_group_id', ['in' => $currentUser->getGroupIds()]
);